fixes: wso2/api-manager#2101

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/authenticator/MutualSSLAuthenticator.java

@@ -75,7 +75,11 @@ public MutualSSLAuthenticator(String apiLevelPolicy, boolean isMandatory, String
             for (String certificatePart : certificateParts) {
                 int tierDivisionIndex = certificatePart.lastIndexOf("=");
                 if (tierDivisionIndex > 0) {
-                    String uniqueIdentifier = certificatePart.substring(0, tierDivisionIndex).trim();
+                    String uniqueIdentifier = certificatePart.substring(0, tierDivisionIndex)
+                            .replaceAll("&", "&")
+                            .replaceAll("&lt;", "<")
+                            .replaceAll("&gt;", ">")
+                            .trim();
                     String tier = certificatePart.substring(tierDivisionIndex + 1);
                     certificates.put(uniqueIdentifier, tier);
                 }

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/CertificateMgtUtils.java

@@ -617,7 +617,9 @@ public String getUniqueIdentifierOfCertificate(String certificate) {
                 Certificate generatedCertificate = cf.generateCertificate(serverCert);
                 X509Certificate x509Certificate = (X509Certificate) generatedCertificate;
                 uniqueIdentifier = x509Certificate.getSerialNumber() + "_" + x509Certificate.getIssuerDN();
-                uniqueIdentifier = uniqueIdentifier.replaceAll(",", "#").replaceAll("\"", "'");
+                uniqueIdentifier = uniqueIdentifier.replaceAll(",", "#").replaceAll("\"", "'")
+                        .replaceAll("&", "&")
+                        .replaceAll("<", "&lt;").replaceAll(">", "&gt;");
             }
         } catch (CertificateException e) {
             log.error("Error while getting serial number of the certificate.", e);